Watch on Demand: Attack Surface Management Summit | All Sessions Now Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Sessions from SecurityWeek’s 2024 Attack Surface Management are now available to watch on demand.

CISA has laid out the FOCAL plan, which aligns the collective operational defense capabilities across federal agencies.

Iranian hackers sought to interest President Joe Biden’s campaign in information stolen from rival Donald Trump’s campaign.

Serial entrepreneur Sinan Eren is back with Opnova, a startup working on automating security workflows with limited human supervision.

CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. 

Attack simulation firm has raised $45 million in growth funding, bringing the total amount raised to $80 million.

Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products.

Microsoft has observed the threat actor Vanilla Tempest targeting US healthcare organizations with INC ransomware.

The Port of Seattle, which owns and runs the airport, has decided not to pay, the official said.

Threats have become more complex as the threat surface has expanded and it is now about the evolution of protecting a business and its ecosystem.

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

People on the Move

Bob Turner has been named CISO at Penn State University.

V2X has appointed Christopher Carter as CISO.

Andrew McLaughlin has been appointed Chief Operating Officer at SandboxAQ.

Credential management firm Axiad has appointed Brian Szeto as CFO and Lynne Boyd as VP of sales.

Secure infrastructure access firm Teleport has named a new CRO and CMO.

More People On The Move
Raptor Train botnet takedown Raptor Train botnet takedown

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

How did Pagers explode in Lebanon? How did Pagers explode in Lebanon?

Between 3 to 5 grams of a highly explosive material were concealed inside pagers prior to their delivery to Hezbollah, and then remotely triggered simultaneously.

Deepfake AI Threat Deepfake AI Threat

When it comes to adversarial use of AI, the real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.

Top Cybersecurity Headlines

Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

SAN FRANCISCO – RSA CONFERENCE 2012 - Bit9, the company best known for its application whitelisting technology, today announced a platform that the company says will help protect all enterprise endpoints, servers and private clouds from cyber-attacks that often make their way past other anti-virus and behavioral security solutions.

SAN FRANCISCO -- RSA CONFERENCE 2012 -- RSA, the Security Division of EMC, today introduced enhancements to its NetWitness Live™ platform, including expanded threat content and added support for new analytics platforms.The RSA NetWitness Live service is a cloud-based threat intelligence delivery platform that aggregates, analyzes and spotlights security content from approximately 100 sources.

SAN FRANCISCO - RSA CONFERENCE 2012 - Qualys has a history of making major product announcements at the RSA Conference in San Francisco each year, and this year is no exception. The company, based just miles away in Redwood Shores, today introduced significant enhancements to its flagship QualysGuard suite of applications for security and compliance.The company's cloud-based QualysGuard service adds the following new features and enhancements as announced today at the RSA Conference:

Cybercriminals put significant effort into building their data stealing and spam pushing botnets, so when things come crashing down when authorities seize control of a botnet’s command and control server, you can imagine how frustrating it is for the fraudsters. Never mind the fact there is a good chance they’d be facing jail time as well. In the past year, we’ve seen several successful botnet takedowns, and authorities and security vendors are continuing the assault against these international cybercime empires.

Enterprise key and certificate management firm Venafi, in conjunction with Osterman Research, recently released the results of a study, which showed that most organizations fail to understand the risks associated with improper implementation and management of SSL deployments.The sample size for the study, 174 IT / InfoSec professionals, is rather small, but the data collected by Venafi is relevant nevertheless.

Two weeks ago, Mac security researchers at Intego discovered a variant of the Flashback Trojan using clever methods to infect systems. On Friday, Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications.

The world has changed. The predicted consolidation of all things electronic (i.e., telephony, games, Internet, email, entertainment, social, calendars, etc.) fits in my jacket pocket and has become an indispensible part of my life. I seamlessly work from my office, my home, my car and around the world as though there are no walls.

Trustwave, a provider of IT security and compliance solutions, today announced additions to its managed security services portfolio, including new managed Web Application Firewall and Information and Event Management (SIEM) solutions.The offerings add to the company’s existing managed security services offerings, including managed encryption, network access control, two-factor authentication and unified threat management.

In the Cybersecurity Battle, the Side with Information Superiority Wins.Whether we’re engaging foes in warfare or protecting our computer networks, having information superiority is essential to success. Defined in the US Army Vision 2010 doctrine as “the capability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same,” information superiority is identified as “the key enabler in 21st century operations”.

The security of device-independent quantum key distribution (QKD) has been deemed ineffective by a team of Canadian researchers, and at least one commercial product already in use for telecommunications is directly affected.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.

Cloud Security